4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad

Analysis

max time kernel
107s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-09-2022 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
Size

1.1MB
MD5

07529dbc5603cacb426137b0fa110e46
SHA1

7f88cf7634a633bf2d311fb1f24726c5d5a88259
SHA256

4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad
SHA512

7676810ebc8394fbd0b84e3b7f9d6e06afa8edf3e93e80aeacf842deacfb1a13190b1238ff2212ff4f1ad831388f4e862328547317a24ddecac0b229e3ca73bc
SSDEEP

24576:93KpBwAVg/iAsm4jsPGWjz+Toleqz7Pqyz+/m5ijbLHB:Uww0eooyTqyS/mEvjB

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 1976	1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe	27
PID 1456 wrote to memory of 1976	1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe	27
PID 1456 wrote to memory of 1976	1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe	27
PID 1456 wrote to memory of 1976	1456	4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe	27

C:\Users\Admin\AppData\Local\Temp\4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe
"C:\Users\Admin\AppData\Local\Temp\4064c1351b8230044acd3b03b5a4bc856c6cfb05676a42f041d8094297ea33ad.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bt8278.bat
  2⤵
  PID:1976

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bt8278.bat

Filesize
1KB

MD5
9088c37055256eabb9ec6585d6ff3778

SHA1
25f8f87d4e64f3f2c2bf1673ade6586bd51df518

SHA256
c6c25e54831235db692131b6071805aa8ef75bc8fa3669d4d5c9f5d78a205563

SHA512
6d3a994a4dd018baab34ee72446f0fb5d456c560414bdeab65cd00019d51a498e084fe08300a918755f6de4ac12fcd1c6ac4dcf0abd72c8ea190c555ff67d3ee

Download Submit
memory/1456-54-0x0000000075B51000-0x0000000075B53000-memory.dmp

Filesize
8KB

Download
memory/1456-56-0x0000000074F70000-0x0000000074FB7000-memory.dmp

Filesize
284KB

Download
memory/1456-97-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/1456-463-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-464-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-465-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-466-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-467-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-468-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-469-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-470-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-471-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-472-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-473-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-474-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-476-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-475-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-478-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-477-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-479-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-480-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-481-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-482-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-485-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-483-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-486-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-484-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-487-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-488-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-489-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-490-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-491-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-492-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-493-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-494-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-495-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-496-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-497-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-498-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-499-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-500-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-503-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-501-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-502-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-504-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-505-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-506-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-507-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-508-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-510-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-509-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-512-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-511-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-514-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-513-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-515-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-516-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-518-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-517-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-519-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-520-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-521-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-522-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-523-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-524-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-1524-0x00000000007B0000-0x00000000008B0000-memory.dmp

Filesize
1024KB

Download
memory/1456-1526-0x0000000002060000-0x00000000021E1000-memory.dmp

Filesize
1.5MB

Download
memory/1456-1759-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/1456-4617-0x00000000007B0000-0x00000000008B0000-memory.dmp

Filesize
1024KB

Download
memory/1456-4618-0x0000000002310000-0x0000000002421000-memory.dmp

Filesize
1.1MB

Download
memory/1456-4619-0x0000000002430000-0x0000000002531000-memory.dmp

Filesize
1.0MB

Download
memory/1456-4620-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/1456-4621-0x00000000021F0000-0x0000000002291000-memory.dmp

Filesize
644KB

Download